275 matches found
Heap overflow
Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. The AgentUpdater service has a self-written HTTP parser and builder. The HTTP parser has a heap buffer overflow (OOB write). In the default configuration, the camera parses responses only from HTTPS URLs from the config file, so vulnerabl...
CVE-2020-27539
CVE-2020-27539 corresponds to a heap-based overflow in Rostelecom CS-C2SHW 5.0.082.1 where the AgentUpdater component uses a self-written HTTP parser/builder. The HTTP parser may perform an out-of-bounds write on a heap buffer. However, the default configuration restricts the camera to parsing re...
Virtuozzo 7 : http-parser / http-parser-devel (VZLSA-2019-2258)
An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
NewStart CGSL CORE 5.05 / MAIN 5.05 : http-parser Vulnerability (NS-SA-2020-0119)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has http-parser packages installed that are affected by a vulnerability: - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605). Note that Nessus h...
CVE-2020-15811
A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible, leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation: Disable the relaxed HTTP parser in...
CVE-2020-15810
A flaw was found in squid. Due to incorrect data validation, an HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible, leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation: Disable the relaxed HTTP parser in...
EulerOS 2.0 SP2 : http-parser (EulerOS-SA-2020-1652)
According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination...
Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1652)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
NewStart CGSL CORE 5.04 / MAIN 5.04 : http-parser Vulnerability (NS-SA-2020-0029)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has http-parser packages installed that are affected by a vulnerability: - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605). Note that Nessus h...
Amazon Linux 2 : http-parser (ALAS-2020-1417)
The version of http-parser installed on the remote host is prior to 2.7.1-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1417 advisory. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...
Important: http-parser
Issue Overview: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605). Affected Packages: http-parser. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference...
http-parser bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
http-parser bug fix and enhancement update
An update is available for http-parser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
Amazon Linux AMI : http-parser (ALAS-2020-1359)
The version of http-parser installed on the remote host is prior to 2.9.3-1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1359 advisory. A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to...
Important: http-parser
Issue Overview: A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.j...
Important: Red Hat Security Advisory: http-parser security update
An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
RHEL 7 : http-parser (RHSA-2020:1510)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1510 advisory. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in...
Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1486)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : http-parser (EulerOS-SA-2020-1486)
According to the versions of the http-parser package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By usin...
Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1198)
The remote host is missing an update for the Huawei EulerOS...